EP1388060A1 - Method and apparatus for serving content from a semi-trusted server - Google Patents
Method and apparatus for serving content from a semi-trusted serverInfo
- Publication number
- EP1388060A1 EP1388060A1 EP01996126A EP01996126A EP1388060A1 EP 1388060 A1 EP1388060 A1 EP 1388060A1 EP 01996126 A EP01996126 A EP 01996126A EP 01996126 A EP01996126 A EP 01996126A EP 1388060 A1 EP1388060 A1 EP 1388060A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- client
- server
- web
- semi
- credential
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Definitions
- Examples of restricted data include pages that are obtained by subscription to a set of registered users, images that are available to a restricted set of users, or data can is personalized for a specific user.
- Fig. 9 shows a flowchart that illustrates the actions taken by the origin web-server for the embodiment shown in Fig. 7.
- Fig. 11 shows a flowchart that illustrates the actions taken by the origin web-server for creating a cookie that will be presented to the semi-trusted web-server.
- Fig. 14 illustrates the use of shared keys by semi-trusted and origin web-servers.
- the authenticator 202 first authenticates the client 101 to the origin web-server 103.
- the credential creator 203 generates credential for the client to be used for subsequent communications.
- the credential presenter 204 communicates the client credential to the semi-trusted web-server 104.
- the credential correlator 205 correlates the client credential with the accessing client and the client user identifier.
- Fig. 4 shows a flowchart that illustrates the actions taken by the origin web-server 310 for the embodiment shown in Fig. 3.
- the flowchart is entered in the step 401 whenever the device implementing the embodiment is started at the origin web-server 310.
- the origin web-server waits for messages from a client.
- the origin web-server checks to see if the client is authenticated.
- the client may be authenticated by presenting a valid client credential as illustrated in Fig. 12, or the client may be authenticated by another scheme. If the client is not authenticated in step 410, then in step 425 the origin web-server initiates authentication and returns to step 410. If the client is authenticated in step 410, then step 415 is executed.
- step 515 the semi-trusted web-server checks to see if the client is authorized in step 520. If the client is not authorized in step 520, then step 535 is executed. In step 535, the semi-trusted web-server sends a forbidden message to the client and returns to step 505. If the client is authorized in step 520, then step 525 is executed and the content is provided to the client. Following step 525, the semi-trusted web-server returns to step 505 and waits for more messages.
- the presentation component 715 gives a reference to the client credential cookie in the form of a URL query string, or if the client already has a client credential cookie the cookie is presented to the semi-trusted web-server.
- the reference to the client credential cookie is used to select one of the stored cookies at the semi-trusted web-server, and then client-specific environment information such as the apparent client IP address and the HTTP header information as well as additional client-specific environment information obtained by the correlation component 740 through the second client-side program is correlated to the client credential.
- the origin web-server creates a valid cookie as described later in Fig. 11 and includes a reference to the cookie in the redirection of the client (825).
- the original web-server also stores the cookie at the semi-trusted web-servers (830) or in a directory accessible to the semi-trusted web-servers.
- the client proceeds with sending the request to the semi-trusted web-server (835) as indicated in the redirection. If the semi-trusted web-server and original web-server share one domain, then the client includes the cookie. If the client does not include a cookie, then the semi-trusted web-server looks up the cookie from where it is stored by the origin web-server.
- Fig. 11 illustrates an example of a client cookie that is created by the origin web-server.
- the cookie consists of two parts: one part is encrypted and one part is not encrypted.
- the encrypted part consists of the client's IP address as seen by the origin web-server (1100); optional client correlation information gathered either by a client-side program (1105); a hash of the client's request header as seen by the origin web-server (11 10); the client's user identification as used for authorization by the origin and semi-trusted web-server (1 115); optionally a random bit pattern B (1120); a time stamp including the creation time of the cookie (1125); a global time out value valid for the whole domain (1130) which is usually a fixed offset added to the creation time; and a cookie inactivity time-out (1135) which is a fixed offset added to the cookie creation time.
- step 1240 is executed.
- step 1240 the client access credentials in the cookie are retrieved.
- step 1245 the validation process reports valid and returns the client's credentials to the caller. These credentials are used throughout the authorization to decide whether to provide access or not to the client.
- Fig 14 illustrates the key entry used by semi-trusted web-servers and origin web-servers to protect part of the cookie both against unnoticed modification and disclosure.
- the key entry comprises of a key identification number (1400), the key itself (1405), and optionally a key time-out value (1410).
- the origin web-server creates a key entry with a new key, a new key identification number, and an empty time-out value and distributes it securely to all semi-trusted web-servers.
- the origin server includes in the appropriate cookie field (see Fig. 11), the key identification of the key that is used when creating the cookie.
- Fig. 15 shows a flowchart that illustrates the actions taken by the origin web-server when creating secure content for a client (1500). This part applies if the client retrieves information that shall be kept confidential even regarding the semi-trusted web-servers serving these data. Embedding secure content into information served by semi-trusted web-servers enhances scalability and security as most of the information retrieved is not highly sensitive and can be shared by many users leveraging caching in the semi-trusted web-server. The small amount of individual and sensitive data is retrieved transparently for the client and automatically by the semi-trusted web-server from the origin web-server. A special secure content handler, installed in the client, will present the secure content to the user in a way that makes secure and conventional data distinguishable for the user.
Abstract
Description
Claims
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US853164 | 2001-05-10 | ||
US09/853,164 US6986047B2 (en) | 2001-05-10 | 2001-05-10 | Method and apparatus for serving content from a semi-trusted server |
PCT/US2001/046648 WO2002093377A1 (en) | 2001-05-10 | 2001-12-04 | Method and apparatus for serving content from a semi-trusted server |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1388060A1 true EP1388060A1 (en) | 2004-02-11 |
EP1388060A4 EP1388060A4 (en) | 2004-12-15 |
Family
ID=25315246
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP01996126A Ceased EP1388060A4 (en) | 2001-05-10 | 2001-12-04 | Method and apparatus for serving content from a semi-trusted server |
Country Status (9)
Country | Link |
---|---|
US (1) | US6986047B2 (en) |
EP (1) | EP1388060A4 (en) |
JP (1) | JP2004537101A (en) |
KR (1) | KR100615793B1 (en) |
CN (1) | CN1290014C (en) |
CA (1) | CA2444291A1 (en) |
IL (1) | IL158612A0 (en) |
TW (1) | TWI242962B (en) |
WO (1) | WO2002093377A1 (en) |
Families Citing this family (92)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8375127B1 (en) * | 1999-03-31 | 2013-02-12 | International Business Machines Corporation | Method and system for using virtual URLs for load balancing |
US6874028B1 (en) * | 1999-10-25 | 2005-03-29 | Microsoft Corporation | System and method for unified registration information collection |
US7350228B2 (en) * | 2001-01-23 | 2008-03-25 | Portauthority Technologies Inc. | Method for securing digital content |
JP2003108426A (en) * | 2001-09-28 | 2003-04-11 | Canon Inc | Information providing server, communication terminal, method of controlling the communication terminal, and information providing system |
US7844683B2 (en) * | 2001-10-10 | 2010-11-30 | Juniper Networks, Inc. | String matching method and device |
US7392391B2 (en) * | 2001-11-01 | 2008-06-24 | International Business Machines Corporation | System and method for secure configuration of sensitive web services |
US20030226037A1 (en) * | 2002-05-31 | 2003-12-04 | Mak Wai Kwan | Authorization negotiation in multi-domain environment |
US20030229782A1 (en) * | 2002-06-07 | 2003-12-11 | Robert Bible | Method for computer identification verification |
US7640578B2 (en) * | 2002-07-08 | 2009-12-29 | Accellion Inc. | System and method for providing secure communication between computer systems |
US7383339B1 (en) | 2002-07-31 | 2008-06-03 | Aol Llc, A Delaware Limited Liability Company | Local proxy server for establishing device controls |
US7383579B1 (en) * | 2002-08-21 | 2008-06-03 | At&T Delaware Intellectual Property, Inc. | Systems and methods for determining anti-virus protection status |
US7373662B2 (en) * | 2002-08-27 | 2008-05-13 | Hewlett-Packard Development Company, L.P. | Secure resource access |
US20040083296A1 (en) * | 2002-10-25 | 2004-04-29 | Metral Max E. | Apparatus and method for controlling user access |
US7584359B2 (en) * | 2002-12-11 | 2009-09-01 | Broadcom Corporation | Secure media peripheral association in a media exchange network |
JP4352710B2 (en) * | 2003-01-29 | 2009-10-28 | セイコーエプソン株式会社 | Information viewing system |
US20040177258A1 (en) * | 2003-03-03 | 2004-09-09 | Ong Peng T. | Secure object for convenient identification |
US7363508B2 (en) * | 2003-05-21 | 2008-04-22 | Palo Alto Research Center Incorporated | System and method for dynamically enabling components to implement data transfer security mechanisms |
US7337219B1 (en) | 2003-05-30 | 2008-02-26 | Aol Llc, A Delaware Limited Liability Company | Classifying devices using a local proxy server |
US8019989B2 (en) * | 2003-06-06 | 2011-09-13 | Hewlett-Packard Development Company, L.P. | Public-key infrastructure in network management |
US7437457B1 (en) | 2003-09-08 | 2008-10-14 | Aol Llc, A Delaware Limited Liability Company | Regulating concurrent logins associated with a single account |
US20060031479A1 (en) * | 2003-12-11 | 2006-02-09 | Rode Christian S | Methods and apparatus for configuration, state preservation and testing of web page-embedded programs |
US20050154887A1 (en) * | 2004-01-12 | 2005-07-14 | International Business Machines Corporation | System and method for secure network state management and single sign-on |
GB2412979A (en) * | 2004-04-07 | 2005-10-12 | Hewlett Packard Development Co | Computer access control based on user behaviour |
US7650409B2 (en) * | 2004-04-12 | 2010-01-19 | Nokia Siemens Networks Oy | System and method for enabling authorization of a network device using attribute certificates |
EP1766839B1 (en) * | 2004-07-15 | 2013-03-06 | Anakam, Inc. | System and method for blocking unauthorized network log in using stolen password |
US8528078B2 (en) * | 2004-07-15 | 2013-09-03 | Anakam, Inc. | System and method for blocking unauthorized network log in using stolen password |
US8296562B2 (en) | 2004-07-15 | 2012-10-23 | Anakam, Inc. | Out of band system and method for authentication |
US8533791B2 (en) * | 2004-07-15 | 2013-09-10 | Anakam, Inc. | System and method for second factor authentication services |
US7676834B2 (en) * | 2004-07-15 | 2010-03-09 | Anakam L.L.C. | System and method for blocking unauthorized network log in using stolen password |
US8024784B1 (en) * | 2004-09-16 | 2011-09-20 | Qurio Holdings, Inc. | Method and system for providing remote secure access to a peer computer |
JP4277779B2 (en) * | 2004-09-30 | 2009-06-10 | コニカミノルタビジネステクノロジーズ株式会社 | Image processing system and processing method |
US8190642B2 (en) * | 2004-11-18 | 2012-05-29 | International Business Machines Corporation | Method, system, and storage medium for implementing intelligent team management services |
JP4520840B2 (en) * | 2004-12-02 | 2010-08-11 | 株式会社日立製作所 | Encrypted communication relay method, gateway server device, encrypted communication program, and encrypted communication program storage medium |
US20060143695A1 (en) * | 2004-12-27 | 2006-06-29 | Amiram Grynberg | Anonymous Spoof resistant authentication and enrollment methods |
CN100417066C (en) * | 2004-12-29 | 2008-09-03 | 国际商业机器公司 | Multi-territory accessing proxy using in treating safety problem based on browser application |
US8051291B2 (en) * | 2005-07-15 | 2011-11-01 | Microsoft Corporation | Unique block header patterns for media verification |
US7908649B1 (en) * | 2005-09-20 | 2011-03-15 | Netapp, Inc. | Method and apparatus for providing efficient authorization services in a web cache |
US20070115927A1 (en) * | 2005-11-04 | 2007-05-24 | Sbc Knowledge Ventures, Lp | Click to initiate secure network service |
US7581244B2 (en) * | 2006-01-25 | 2009-08-25 | Seiko Epson Corporation | IMX session control and authentication |
US7765275B2 (en) * | 2006-01-27 | 2010-07-27 | International Business Machines Corporation | Caching of private data for a configurable time period |
US9386327B2 (en) | 2006-05-24 | 2016-07-05 | Time Warner Cable Enterprises Llc | Secondary content insertion apparatus and methods |
US8280982B2 (en) * | 2006-05-24 | 2012-10-02 | Time Warner Cable Inc. | Personal content server apparatus and methods |
US20070285501A1 (en) * | 2006-06-09 | 2007-12-13 | Wai Yim | Videoconference System Clustering |
US8024762B2 (en) | 2006-06-13 | 2011-09-20 | Time Warner Cable Inc. | Methods and apparatus for providing virtual content over a network |
US20080016156A1 (en) * | 2006-07-13 | 2008-01-17 | Sean Miceli | Large Scale Real-Time Presentation of a Network Conference Having a Plurality of Conference Participants |
US7634540B2 (en) * | 2006-10-12 | 2009-12-15 | Seiko Epson Corporation | Presenter view control system and method |
US20080091838A1 (en) * | 2006-10-12 | 2008-04-17 | Sean Miceli | Multi-level congestion control for large scale video conferences |
US8943309B1 (en) | 2006-12-12 | 2015-01-27 | Google Inc. | Cookie security system with interloper detection and remedial actions to protest personal data |
US7779103B1 (en) | 2006-12-12 | 2010-08-17 | Google Inc. | Dual cookie security system |
US8850520B1 (en) * | 2006-12-12 | 2014-09-30 | Google Inc. | Dual cookie security system with interlocking validation requirements and remedial actions to protect personal data |
US20080201338A1 (en) * | 2007-02-16 | 2008-08-21 | Microsoft Corporation | Rest for entities |
US8181206B2 (en) | 2007-02-28 | 2012-05-15 | Time Warner Cable Inc. | Personal content server apparatus and methods |
US20080228922A1 (en) * | 2007-03-14 | 2008-09-18 | Taiwan Semiconductor Manufacturing Company, Ltd. | System and Method for Providing Client Awareness in High-Availability Application Architecture |
US9043935B2 (en) * | 2007-05-18 | 2015-05-26 | Novell, Inc. | Techniques for personalizing content |
US8667563B1 (en) | 2007-10-05 | 2014-03-04 | United Services Automobile Association (Usaa) | Systems and methods for displaying personalized content |
US20090210400A1 (en) * | 2008-02-15 | 2009-08-20 | Microsoft Corporation | Translating Identifier in Request into Data Structure |
US9503691B2 (en) | 2008-02-19 | 2016-11-22 | Time Warner Cable Enterprises Llc | Methods and apparatus for enhanced advertising and promotional delivery in a network |
US8910255B2 (en) * | 2008-05-27 | 2014-12-09 | Microsoft Corporation | Authentication for distributed secure content management system |
US8132019B2 (en) * | 2008-06-17 | 2012-03-06 | Lenovo (Singapore) Pte. Ltd. | Arrangements for interfacing with a user access manager |
CN101316192A (en) * | 2008-07-09 | 2008-12-03 | 北京黑米世纪信息技术有限公司 | Encoding method for unique identity code of network visitor |
US8806201B2 (en) * | 2008-07-24 | 2014-08-12 | Zscaler, Inc. | HTTP authentication and authorization management |
US9379895B2 (en) * | 2008-07-24 | 2016-06-28 | Zscaler, Inc. | HTTP authentication and authorization management |
US8656462B2 (en) * | 2008-07-24 | 2014-02-18 | Zscaler, Inc. | HTTP authentication and authorization management |
US9003186B2 (en) * | 2008-07-24 | 2015-04-07 | Zscaler, Inc. | HTTP authentication and authorization management |
US8302169B1 (en) * | 2009-03-06 | 2012-10-30 | Google Inc. | Privacy enhancements for server-side cookies |
GB0905559D0 (en) * | 2009-03-31 | 2009-05-13 | British Telecomm | Addressing scheme |
US8078870B2 (en) * | 2009-05-14 | 2011-12-13 | Microsoft Corporation | HTTP-based authentication |
US8732451B2 (en) * | 2009-05-20 | 2014-05-20 | Microsoft Corporation | Portable secure computing network |
JP2011135389A (en) * | 2009-12-25 | 2011-07-07 | Konica Minolta Business Technologies Inc | Image processing system, image processing apparatus, program, and data communication establishing method |
US9419956B2 (en) * | 2010-03-22 | 2016-08-16 | Bank Of America Corporation | Systems and methods for authenticating a user for accessing account information using a web-enabled device |
US8825745B2 (en) | 2010-07-11 | 2014-09-02 | Microsoft Corporation | URL-facilitated access to spreadsheet elements |
CN102143226B (en) * | 2011-02-12 | 2015-04-08 | 华为技术有限公司 | Time-out control method, time-out control device and time-out control system |
US8863248B2 (en) * | 2011-04-07 | 2014-10-14 | International Business Machines Corporation | Method and apparatus to auto-login to a browser application launched from an authenticated client application |
US8788505B2 (en) * | 2011-04-27 | 2014-07-22 | Verisign, Inc | Systems and methods for a cache-sensitive index using partial keys |
CN102629923B (en) * | 2012-03-23 | 2015-01-21 | 北龙中网(北京)科技有限责任公司 | Installation and identification method of website credible identity based on domain name system technology |
CN103699367B (en) * | 2012-09-27 | 2017-07-07 | 中国电信股份有限公司 | HTTP application programming interfaces call method and device |
US20140095870A1 (en) * | 2012-09-28 | 2014-04-03 | Prashant Dewan | Device, method, and system for controlling access to web objects of a webpage or web-browser application |
US9374436B2 (en) * | 2012-12-13 | 2016-06-21 | Qualcomm Incorporated | Loading a re-directed web page on a web browser of a client device in a communications system |
US9838375B2 (en) * | 2013-02-28 | 2017-12-05 | Microsoft Technology Licensing, Llc | RESTlike API that supports a resilient and scalable distributed application |
US20140282786A1 (en) | 2013-03-12 | 2014-09-18 | Time Warner Cable Enterprises Llc | Methods and apparatus for providing and uploading content to personalized network storage |
US9537659B2 (en) * | 2013-08-30 | 2017-01-03 | Verizon Patent And Licensing Inc. | Authenticating a user device to access services based on a device ID |
US11665150B2 (en) | 2013-11-14 | 2023-05-30 | Pleasant Solutions, Inc. | System and method for credentialed access to a remote server |
US10108168B2 (en) | 2014-06-01 | 2018-10-23 | Si-Ga Data Security (2014) Ltd. | Industrial control system smart hardware monitoring |
KR101783014B1 (en) * | 2015-09-10 | 2017-09-28 | 주식회사 수산아이앤티 | Method and apparatus for detecting terminals sharing a public IP address |
JP6834771B2 (en) * | 2017-05-19 | 2021-02-24 | 富士通株式会社 | Communication device and communication method |
US10810279B2 (en) * | 2018-02-07 | 2020-10-20 | Akamai Technologies, Inc. | Content delivery network (CDN) providing accelerated delivery of embedded resources from CDN and third party domains |
US10681148B1 (en) | 2018-04-24 | 2020-06-09 | Google Llc | Content selection through intermediary device |
US10841088B2 (en) * | 2018-05-10 | 2020-11-17 | Oracle International Corporation | Secure credential generation and validation |
US10263970B1 (en) * | 2018-10-07 | 2019-04-16 | Capital One Services, Llc | System, method and architecture for secure sharing of customer intelligence |
US11159497B2 (en) * | 2020-01-29 | 2021-10-26 | Citrix Systems, Inc. | Secure message passing using semi-trusted intermediaries |
US20220158831A1 (en) * | 2020-11-13 | 2022-05-19 | Citrix Systems, Inc. | Preventing http cookie stealing using cookie morphing |
US11665002B2 (en) * | 2020-12-11 | 2023-05-30 | International Business Machines Corporation | Authenticated elevated access request |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5815574A (en) * | 1994-12-15 | 1998-09-29 | International Business Machines Corporation | Provision of secure access to external resources from a distributed computing environment |
US5857191A (en) * | 1996-07-08 | 1999-01-05 | Gradient Technologies, Inc. | Web application server with secure common gateway interface |
US5875296A (en) * | 1997-01-28 | 1999-02-23 | International Business Machines Corporation | Distributed file system web server user authentication with cookies |
US6032184A (en) * | 1995-12-29 | 2000-02-29 | Mci Worldcom, Inc. | Integrated interface for Web based customer care and trouble management |
WO2000079432A1 (en) * | 1999-06-18 | 2000-12-28 | Gte Laboratories Incorporated | Enhanced security for applications employing downloadable executable content |
US6226752B1 (en) * | 1999-05-11 | 2001-05-01 | Sun Microsystems, Inc. | Method and apparatus for authenticating users |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6138162A (en) * | 1997-02-11 | 2000-10-24 | Pointcast, Inc. | Method and apparatus for configuring a client to redirect requests to a caching proxy server based on a category ID with the request |
US6067623A (en) * | 1997-11-21 | 2000-05-23 | International Business Machines Corp. | System and method for secure web server gateway access using credential transform |
US6330605B1 (en) * | 1998-11-19 | 2001-12-11 | Volera, Inc. | Proxy cache cluster |
-
2001
- 2001-05-10 US US09/853,164 patent/US6986047B2/en not_active Expired - Lifetime
- 2001-12-04 IL IL15861201A patent/IL158612A0/en unknown
- 2001-12-04 CN CNB018232329A patent/CN1290014C/en not_active Expired - Lifetime
- 2001-12-04 KR KR1020037013258A patent/KR100615793B1/en not_active IP Right Cessation
- 2001-12-04 EP EP01996126A patent/EP1388060A4/en not_active Ceased
- 2001-12-04 CA CA002444291A patent/CA2444291A1/en not_active Abandoned
- 2001-12-04 JP JP2002589986A patent/JP2004537101A/en active Pending
- 2001-12-04 WO PCT/US2001/046648 patent/WO2002093377A1/en active Application Filing
-
2002
- 2002-05-03 TW TW091109299A patent/TWI242962B/en not_active IP Right Cessation
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5815574A (en) * | 1994-12-15 | 1998-09-29 | International Business Machines Corporation | Provision of secure access to external resources from a distributed computing environment |
US6032184A (en) * | 1995-12-29 | 2000-02-29 | Mci Worldcom, Inc. | Integrated interface for Web based customer care and trouble management |
US5857191A (en) * | 1996-07-08 | 1999-01-05 | Gradient Technologies, Inc. | Web application server with secure common gateway interface |
US5875296A (en) * | 1997-01-28 | 1999-02-23 | International Business Machines Corporation | Distributed file system web server user authentication with cookies |
US6226752B1 (en) * | 1999-05-11 | 2001-05-01 | Sun Microsystems, Inc. | Method and apparatus for authenticating users |
WO2000079432A1 (en) * | 1999-06-18 | 2000-12-28 | Gte Laboratories Incorporated | Enhanced security for applications employing downloadable executable content |
Non-Patent Citations (3)
Title |
---|
GOLDBERG I.; WAGNER D.: 'Randomness and the Netscape Browser, How secure is the World Wide Web?' DR. DOBB'S JOURNAL, [Online] January 1996, Retrieved from the Internet: <URL:http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html> * |
PARK J.S.; SANDHU R.: 'Secure cookies on the web' IEEE INTERNET COMPUTING July 2000, IEEE SERVICE CENTER, NEW YORK, NY, US, pages 36 - 44, XP002190888 * |
See also references of WO02093377A1 * |
Also Published As
Publication number | Publication date |
---|---|
JP2004537101A (en) | 2004-12-09 |
IL158612A0 (en) | 2004-05-12 |
KR100615793B1 (en) | 2006-08-25 |
US6986047B2 (en) | 2006-01-10 |
WO2002093377A1 (en) | 2002-11-21 |
CN1516833A (en) | 2004-07-28 |
KR20030093305A (en) | 2003-12-06 |
TWI242962B (en) | 2005-11-01 |
EP1388060A4 (en) | 2004-12-15 |
CA2444291A1 (en) | 2002-11-21 |
US20020169961A1 (en) | 2002-11-14 |
CN1290014C (en) | 2006-12-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6986047B2 (en) | Method and apparatus for serving content from a semi-trusted server | |
US6907530B2 (en) | Secure internet applications with mobile code | |
EP1368722B1 (en) | Method and system for web-based cross-domain single-sign-on authentication | |
US7287271B1 (en) | System and method for enabling secure access to services in a computer network | |
EP0960500B1 (en) | Method for providing secure remote command execution | |
US7581244B2 (en) | IMX session control and authentication | |
US7082532B1 (en) | Method and system for providing distributed web server authentication | |
KR100856674B1 (en) | System and method for authenticating clients in a client-server environment | |
US6081900A (en) | Secure intranet access | |
JP3605501B2 (en) | Communication system, message processing method, and computer system | |
US7366900B2 (en) | Platform-neutral system and method for providing secure remote operations over an insecure computer network | |
US7231517B1 (en) | Apparatus and method for automatically authenticating a network client | |
US6732277B1 (en) | Method and apparatus for dynamically accessing security credentials and related information | |
AU2001280975B2 (en) | Systems and methods for authenticating a user to a web server | |
US6766454B1 (en) | System and method for using an authentication applet to identify and authenticate a user in a computer network | |
KR100800339B1 (en) | Method and system for user-determined authentication and single-sign-on in a federated environment | |
US20060294366A1 (en) | Method and system for establishing a secure connection based on an attribute certificate having user credentials | |
US20040015725A1 (en) | Client-side inspection and processing of secure content | |
JP2007328482A (en) | Communication processing method and computer system | |
US8024784B1 (en) | Method and system for providing remote secure access to a peer computer | |
JP4608929B2 (en) | Authentication system, server authentication program, and client authentication program | |
US8112535B2 (en) | Securing a server in a dynamic addressing environment | |
JP2000172645A (en) | Server computer and certificate information managing method for the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20031121 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK RO SI |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: VERMA, DINESH, CHANDRA Inventor name: SAILER, REINER Inventor name: GILES, JAMES, RYAN |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20041029 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: 7G 06F 15/16 B Ipc: 7G 06F 15/173 B Ipc: 7G 06F 1/00 A |
|
17Q | First examination report despatched |
Effective date: 20050201 |
|
17Q | First examination report despatched |
Effective date: 20050201 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20071129 |